On 2019/2/6, AWS announced IKEv2 support for Site-to-Site VPN.
AWS Site-to-Site VPN Now Supports IKEv2: https://aws.amazon.com/about-aws/whats-new/2019/02/aws-site-to-site-vpn-now-supports-ikev2/
Until now, the obstacle when connecting Azure and AWS was that AWS only supported IKEv1. With IKEv2 support, a connection between the two can now be established.
There is one caveat, however: BGP cannot be used (it may be possible depending on the settings).
The connection configuration diagram is as follows.
The procedure is as follows.

Azure side
1. Create virtual network
2. Create gateway subnet
3. Create public IP
4. Create virtual network gateway

AWS side
5. Create VPC
6. Create subnet
7. Create Internet gateway (optional)
8. Create the customer gateway statically
9. Create Virtual Private Gateway
10. Create a VPN connection statically
11. Download the configuration file

Azure side
12. Create a local network gateway
13. Create connection

AWS side
14. Add a virtual private gateway to the routing table

Option (Azure side)
15. Set up two connections
The steps are explained one by one below.
1. Create a virtual network. The segment on the Azure side is 10.0.0.0/16.
2. Create a gateway subnet. Open Subnets from the virtual network screen and click Gateway subnet to create it.
Give it a CIDR that is different from the subnet created in step 1.
Confirm that it was created.
3. Create a public IP.
4. Create a virtual network gateway.
5. Create a VPC. The segment on the AWS side is 192.168.0.0/16.
6. Create a subnet.
7. Create an Internet gateway (optional).
Attach the Internet gateway to the VPC.
In the route table, add a route for 0.0.0.0/0 that points at the Internet gateway.
Check the public IP address of Azure's virtual network gateway.
8. Create the customer gateway statically. Enter the IP address confirmed in the previous step as the IP address.
9. Create a Virtual Private Gateway.
10. Create a VPN connection statically. Add the Azure-side subnet to the static IP prefixes.
11. Download the configuration file. Choose Generic as the vendor.
Check the following in the file: under IPSec Tunnel #1, the Pre-Shared Key and, under Outside IP Addresses, the Virtual Private Gateway address.
12. Create a local network gateway. For the IP address, set the Virtual Private Gateway address identified above. In the address space, enter the VPC segment on the AWS side.
13. Add a connection from the virtual network gateway.
Enter the Pre-Shared Key confirmed above.
Confirm that it is connected.
14. Add the virtual private gateway to the VPC route table.
15. (Optional) Create a second local network gateway. This time, take the values from IPSec Tunnel #2 in the downloaded file. After creating it, create a connection that uses this local network gateway.
With two connections set up, communication continues even if one of them goes down for a time.
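As an added example (not code from the original article), the following Python helper pulls the Pre-Shared Key and Virtual Private Gateway address of each IPSec Tunnel out of the downloaded Generic configuration file and turns them into the local network gateway parameters needed in steps 12, 13 and 15, rejecting a file whose tunnels do not end on distinct AWS endpoints. The layout of the file, the sample values and the gateway names are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the "Generic" vendor configuration file
# downloaded in step 11 (assumed layout; placeholder values, not a real file).
SAMPLE_CONFIG = """\
IPSec Tunnel #1
================================================================================
#1: Internet Key Exchange Configuration
  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : EXAMPLE_PSK_TUNNEL1
#3: Tunnel Interface Configuration
  Outside IP Addresses:
    - Customer Gateway                 : 203.0.113.10
    - Virtual Private Gateway          : 198.51.100.21

IPSec Tunnel #2
================================================================================
  - Pre-Shared Key           : EXAMPLE_PSK_TUNNEL2
  Outside IP Addresses:
    - Customer Gateway                 : 203.0.113.10
    - Virtual Private Gateway          : 198.51.100.22
"""
AWS_VPC_CIDR = "192.168.0.0/16"  # AWS-side segment used in the article

def parse_tunnels(text: str) -> Dict[int, Dict[str, str]]:
    """Return {tunnel_no: {"psk": ..., "vgw_ip": ...}} for each tunnel section."""
    tunnels = {}
    for m in re.finditer(r"IPSec Tunnel #(\d+)(.*?)(?=IPSec Tunnel #\d+|\Z)", text, re.S):
        no, body = int(m.group(1)), m.group(2)
        def field(label: str) -> str:  # match only "  - <label> : <value>" lines
            f = re.search(rf"^\s*-\s*{re.escape(label)}\s*:\s*(\S+)", body, re.M)
            if not f:
                raise ValueError(f"tunnel {no}: '{label}' not found")
            return f.group(1)
        tunnels[no] = {"psk": field("Pre-Shared Key"),
                       "vgw_ip": field("Virtual Private Gateway")}
    return tunnels

def azure_local_gateways(tunnels: Dict[int, Dict[str, str]], vpc_cidr: str) -> List[dict]:
    """One Azure local network gateway + connection per tunnel (steps 12, 13 and 15)."""
    if len({t["vgw_ip"] for t in tunnels.values()}) != len(tunnels):
        raise ValueError("tunnels must terminate on distinct AWS endpoints")
    for no, t in tunnels.items():
        if not 8 <= len(t["psk"]) <= 64:  # AWS pre-shared keys are 8-64 characters
            raise ValueError(f"tunnel {no}: pre-shared key length out of range")
    return [{"name": f"aws-tunnel-{no}", "gateway_ip": t["vgw_ip"],
             "address_space": vpc_cidr, "shared_key": t["psk"]}
            for no, t in sorted(tunnels.items())]
```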
Confirm that Azure and AWS can communicate with each other.
This completes all of the work.
I roughly measured the throughput using iperf.
Azure: Standard D2s v3 (2 vCPU, 8 GB memory)
AWS: m5.large (2 vCPU, 8 GB memory)

Azure → AWS
------------------------------------------------------------
Client connecting to 192.168.0.5, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.0.0.4 port 51160 connected with 192.168.0.5 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 659 MBytes 553 Mbits/sec

AWS → Azure
------------------------------------------------------------
Client connecting to 10.0.0.4, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.0.5 port 50116 connected with 10.0.0.4 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 759 MBytes 636 Mbits/sec
I wonder whether it is generally faster than a leased-line service.
I was able to confirm that AWS can connect directly with Azure now that it supports IKEv2. Until now, it was necessary to prepare a Windows server or similar to build a VPN between Azure and AWS. Since a VPN can now be established with managed services alone, there is no need to set up a virtual machine, and the management burden has been reduced to the point that operation hardly needs attention. I believe that Azure and AWS can be connected in a mutually managed environment so that it can be used for various purposes in the future. I think there is a lot of value in using Azure for what Azure is good at and AWS for what AWS is good at, and in using them for DR. On top of that, multi-cloud is going to take off!
I am very happy because this is a feature I have wanted for years!
Original Content (Japanese) : http://level69.net/archives/26362